Well, you can sniff packets all over the network or a specific host when you are a man-in-the-middle. You may wonder now what is the benefit of sniffing HTTP packets on my local computer. Here is the output after browsing HTTP websites on my local machine: We've used the argparsemodule to parse arguments from the command line or terminal let's run the script now (I've named it http_filter.py): python3 http_sniffer.py -i wlan0 -show-raw Parser.add_argument("-show-raw", dest="show_raw", action="store_true", help="Whether to print POST raw data, such as passwords, search queries, etc.") Parser.add_argument("-i", "-iface", help="Interface to use, default is scapy's default interface") + "It is suggested that you run arp spoof before you use this script, otherwise it'll sniff your personal packets") Parser = argparse.ArgumentParser(description="HTTP Packet Sniffer, this is useful when you're a man in the middle." \ Now let's implement the main code: if _name_ = "_main_": We're going to pass it into the script's arguments. Try to print the whole HTTP request packet using the packet.show() method, you'll see a tremendous amount of information you can extract there.ĭon't worry about the show_raw variable it is just a global flag that indicates whether we print POST raw data, such as passwords, search queries, etc. We are extracting the requested URL, the requester's IP, and the request method here, but don't be limited to that. Related: Build 24 Ethical Hacking Scripts & Tools with Python EBook This function is executed whenever a packet is sniffed We passed the process_packet() function to sniff() function as the callback that is called whenever a packet is sniffed, it takes packet as an argument, let's implement it: def process_packet(packet): Sniff(filter="port 80", prn=process_packet, store=False)Īs you may notice, we specified port 80 here, that is because HTTP's standard port is 80, so we're already filtering out packets that we don't need. Sniff(filter="port 80", prn=process_packet, iface=iface, store=False) Sniff 80 port packets with `iface`, if None (default), then the Let's define the function that handles sniffing: def sniff_packets(iface=None): Let's import the necessary modules: from scapy.all import *įrom import HTTPRequest # import HTTP packet We need colorama here just for changing text color in the terminal.
If you have problems installing Scapy, check these tutorials:
#HTTP PACKET SNIFFER INSTALL#
Let's install the requirements for this tutorial: pip3 install scapy colorama In Scapy 2.4.3+, HTTP packets are supported by default. Once an HTTP request is captured, we extract some information from the packet and print them out. The basic idea behind the recipe we will see in this tutorial is that we keep sniffing packets. There are other tools to capture traffic, such as tcpdump or Wireshark, but in this guide, we'll use the Scapy library in Python to sniff packets. In this tutorial, you will see how you can sniff HTTP packets in the network using Scapy in Python. Monitoring the network always seems to be a useful task for network security engineers, as it enables them to see what is happening in the network, see and control malicious traffic, etc.
0 kommentar(er)
